Penetration Testing.

What is Penetration Testing?

A Penetration Test is attempting to attack vulnerabilities in a similar method of a real malicious attacker. Typically, penetration services are requested when a system or network has exhausted investments in security and seeking to verify if all avenues of security have been covered. The key difference between a Penetration Test and Vulnerability Assessment is a penetration test will act upon vulnerabilities found and verify if they are legit reducing the list of confirmed risk associated with a target.

IMPORTANT: One popular misconception is a Penetration Testing service enhances IT security since services have a higher cost associated than other security services. Penetration Testing does not make IT networks more secure since services evaluates existing security! A customer should not consider a penetration test if there is a belief the target is not completely secure.

But, What is Vulnerability Assessment?

A Vulnerability Assessment is the process in which network devices, operating systems and application software are scanned in order to identify the presence of known and unknown vulnerabilities. A vulnerability is a gap, error or weakness in how a system is designed, used and protected. When a vulnerability is exploited, it can result in giving unauthorized access, escalation of privileges or denial-of-service to the asset.

Vulnerability Assessments typically stop once a vulnerability is found meaning services doesn't include executing an attack against the vulnerability to verify if it's legitimate. A Vulnerability Assessment deliverable provides potential risk associated with all vulnerabilities found with possible remediation steps. Vulnerability Assessments are a valuable way to assess a network for potential security weakness to identify where to invest for future security.

Target Audience of Vulnerability Assessment

Customer Maturity Level: Low to Medium. Usually requested by customers who already know they have issues, and need help getting started.Goal: Attain a prioritized list of vulnerabilities in the environment so that remediation can occur.Focus: Breadth over depth.

Target Audience of Penetration Test

Customer Maturity Level: High. The client believes their defenses to be strong, and wants to test that assertion.Goal: Determine whether a mature security posture can withstand an intrusion attempt from an advanced attacker with a specific goal.Focus: Depth over breadth.

Why Me?

Penetration Testing that I offer exposes hidden vulnerability of web applications by initiating a simulated attack to the system from attackers' viewpoint. This penetration testing method is initiated manually by myself. This testing method is effective for discovering vulnerabilities that conventional tools cannot detect, and is most effective while attempting to grasp the extent of virtual damages caused by an attack incident. Needless to say, vulnerabilities that ordinary tools can detect will also be revealed manually, and reported.

&hyphen; Manual analysis (via penetration testing) is conducted
&hyphen; From an attacker's viewpoint, a set of vulnerabilities is exposed.
&hyphen; By combining elements of vulnerabilities detected above, a set of threat scenarios are prepared, so that actual risks can easily be envisioned.
&hyphen; Foreseeable effects and recommended measures outside of areas detected with vulnerabilities, are also covered in the report.
&hyphen; Analysis environment can be initiated remotely or on-site, in a flexible manner.

Am I right person for you?

If you need a penetration test, I want to talk with you. This is what you can expect:

&hyphen; When you contact, I don't have any assistant, I work alone. Instead, I will work with you to determine if I am good for you.
&hyphen; I will work out a schedule that works for everyone involved. If it so happens that I am not the right person for you, I will be upfront and not waste your time.
&hyphen; Rules of engagement will be set that meet the goals that you defined.
&hyphen; As work is conducted and I will be sure to keep you informed every step of the way. My goal is no surprises on the report as you are kept involved on an on-going basis.
&hyphen; A report will be created that informs you as to what was discovered and what I suggest to correct any issues.
&hyphen; I will work with you to make sure you understand the results and have the knowledge needed to take any actions that you may need to take.